Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Server apparatus and method of preventing denial of service attacks, and computer program product

a server and service technology, applied in the field of server apparatus and computer program products, can solve the problems of not employing techniques, restricting the possibility of attack to nodes on the network, and severe damage with a relatively small band

Inactive Publication Date: 2012-07-31
KK TOSHIBA
View PDF23 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

[0013]According to another aspect of the present invention, a method of preventing denial-of-service attack to a server apparatus capable of communicating with at least one of client apparatuses via a network, the method includes receiving via the network a first query message that contains address data for indicating a source client apparatus and query data concerning a question; calculating a first identifying data based on the address data contained in the first query message; relating the first identifying data with the query data; creating a first response message that contains the query data related with the first identifying data and reply requesting data for requesting to transmit the question again; transmitting the first response message to the client apparatus specified by the address data; receiving via the network a second query message that contains the address data and the query data related with the first identifying data; calculating a second identifying data based on the address data contained in the second query message; determining validity of the client apparatus that has specified by the address data based on the first identifying data related with the query data contained in the second query message and the second identifying data; creating a second response message that contains an answer to the query data when the client apparatus specified by the address data is determined to be valid; and transmitting the second response message to the client apparatus specified by the address data.

Problems solved by technology

As a data size of a response packet is larger than that of the query packet corresponding to itself, the attacker node can cause a severe damage with a relatively small band.
It means that the nodes on the network having a possibility to be attacked are restricted.
However, the authoritative server, which has to respond every queries regardless of which client is transmitted the query, can not employ the technique.
It means that the system does not effectively work until all of the existing clients on the Internet support the system used in the technique.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Server apparatus and method of preventing denial of service attacks, and computer program product
  • Server apparatus and method of preventing denial of service attacks, and computer program product
  • Server apparatus and method of preventing denial of service attacks, and computer program product

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022]Exemplary embodiments of the present invention are described in detail below with reference to the accompanying drawings.

[0023]In a server apparatus according to an embodiment, upon receiving a query from a client, the server apparatus returns a response message for redirecting, without responding immediately to a first query from the client. Then, upon receiving a redirect reply message to the response message from the client, the server apparatus returns a response message containing the answer to the query. In this time, the server apparatus contains data depending on a source address into the response message for requesting to a redirect reply, and determines whether the redirect reply message is valid when receiving of the redirect reply message by using the data.

[0024]In the present embodiment, a DNS server 100 is used as the server apparatus for returning responses to queries from clients. Not limited to the DNS server, the present embodiment can apply to any device tha...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A server apparatus receives a query message, calculates an identifying data based on an address and a query name containing in the query message, creates a response message containing the identifying data for requesting a redirect reply or a response message containing an answer to the query name, determines whether the query message is a redirect message and further determines whether the response message containing the answer is larger than a threshold value, and finally transmits either one of the response messages.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS[0001]This application is based upon and claims the benefit of priority from the prior Japanese Patent Application No. 2006-291521, filed on Oct. 26, 2006; the entire contents of which are incorporated herein by reference.BACKGROUND OF THE INVENTION[0002]1. Field of the Invention[0003]The present invention relates to a server apparatus, a method, and a computer program product that can prevent denial-of-service attacks caused by transmitting a response packet that is amplified by a packet in which a query source is personated.[0004]2. Description of the Related Art[0005]Domain name system (DNS), one of backbone functions for the Internet, is a client-server database system for providing services based on data associated host names with internet protocol (IP) addresses. A DNS client transmits a query packet containing a specific domain name (such as a host name) to a server, and the server processes the query packet and transmit back to the clie...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(United States)
IPC IPC(8): G06F15/173H04L12/22H04L12/70
CPCH04L29/12066H04L61/1511H04L63/1458H04L61/4511
Inventor JIMMEI, TATSUYA
Owner KK TOSHIBA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com